From: Wouter Wijngaards Date: Wed, 23 Jan 2019 10:41:03 +0000 (+0000) Subject: For TLS session keys, keep config options in order read from file to keep the first... X-Git-Tag: release-1.9.0rc1~20 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=68a57554a62ee547495f28e9d6826f3fb47e141b;p=thirdparty%2Funbound.git For TLS session keys, keep config options in order read from file to keep the first one as the first one. git-svn-id: file:///svn/unbound/trunk@5064 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/daemon/unbound.c b/daemon/unbound.c index c4e39e354..4a508c138 100644 --- a/daemon/unbound.c +++ b/daemon/unbound.c @@ -443,8 +443,8 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode, } } #endif - if(cfg->tls_session_ticket_keys) { - if(!listen_sslctx_setup_ticket_keys(daemon->listen_sslctx, cfg->tls_session_ticket_keys)) { + if(cfg->tls_session_ticket_keys.first) { + if(!listen_sslctx_setup_ticket_keys(daemon->listen_sslctx, cfg->tls_session_ticket_keys.first)) { fatal_exit("could not set session ticket SSL_CTX"); } } diff --git a/doc/Changelog b/doc/Changelog index a5b9bb886..bb789fbfa 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -6,7 +6,9 @@ library compatibility when compiling. - Patch for TLS session resumption from Manabu Sonoda, enable with tls-session-ticket-keys in unbound.conf. - - Fixes for patch (includes, declarations, warnings). + - Fixes for patch (includes, declarations, warnings). Free at end + and keep config options in order read from file to keep the first + one as the first one. 22 January 2018: Wouter - Fix space calculation for tcp req buffer size. diff --git a/util/config_file.c b/util/config_file.c index 3e517695e..9b60254d7 100644 --- a/util/config_file.c +++ b/util/config_file.c 
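Review bot: The call to `listen_sslctx_setup_ticket_keys` in the daemon/unbound.c hunk passes `daemon->listen_sslctx` with no visible check that the TLS listener context was ever created; the condition tests only `cfg->tls_session_ticket_keys.first`. If a configuration can list session ticket keys without enabling the TLS service, a NULL context would reach the setup routine. The guard could be tightened to `if(cfg->tls_session_ticket_keys.first && daemon->listen_sslctx) {`, or the mismatch could be reported with a `fatal_exit` that names the missing TLS configuration. perform_setup starts and ends outside the hunk, so the context may already be guaranteed by code not shown here.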
@@ -487,7 +487,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
 else S_STRLIST("additional-tls-port:", tls_additional_port)
 else S_STRLIST("tls-additional-ports:", tls_additional_port)
 else S_STRLIST("tls-additional-port:", tls_additional_port)
- else S_STRLIST("tls-session-ticket-keys:", tls_session_ticket_keys)
+ else S_STRLIST_APPEND("tls-session-ticket-keys:", tls_session_ticket_keys)
 else S_STR("tls-ciphers:", tls_ciphers)
 else S_STR("tls-ciphersuites:", tls_ciphersuites)
 else S_YNO("interface-automatic:", if_automatic)
@@ -927,7 +927,7 @@ config_get_option(struct config_file* cfg, const char* opt,
 else O_STR(opt, "tls-cert-bundle", tls_cert_bundle)
 else O_YNO(opt, "tls-win-cert", tls_win_cert)
 else O_LST(opt, "tls-additional-port", tls_additional_port)
- else O_LST(opt, "tls-session-ticket-keys", tls_session_ticket_keys)
+ else O_LST(opt, "tls-session-ticket-keys", tls_session_ticket_keys.first)
 else O_STR(opt, "tls-ciphers", tls_ciphers)
 else O_STR(opt, "tls-ciphersuites", tls_ciphersuites)
 else O_YNO(opt, "use-systemd", use_systemd)
@@ -1364,7 +1364,7 @@ config_delete(struct config_file* cfg)
 free(cfg->ssl_service_pem);
 free(cfg->tls_cert_bundle);
 config_delstrlist(cfg->tls_additional_port);
- config_delstrlist(cfg->tls_session_ticket_keys);
+ config_delstrlist(cfg->tls_session_ticket_keys.first);
 free(cfg->tls_ciphers);
 free(cfg->tls_ciphersuites);
 free(cfg->log_identity);
diff --git a/util/config_file.h b/util/config_file.h
index e87461aab..3cffdbff9 100644
--- a/util/config_file.h
+++ b/util/config_file.h
@@ -121,7 +121,7 @@ struct config_file {
 /** additional tls ports */
 struct config_strlist* tls_additional_port;
 /** secret key used to encrypt and decrypt TLS session ticket */
- struct config_strlist* tls_session_ticket_keys;
+ struct config_strlist_head tls_session_ticket_keys;
 /** TLS ciphers */
 char* tls_ciphers;
 /** TLS chiphersuites (TLSv1.3) */
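Review bot: The field comment on `tls_session_ticket_keys` in util/config_file.h still reads as if the list were unordered, although this commit makes the order significant. `S_STRLIST_APPEND` in config_set_option and the switch to `struct config_strlist_head` exist so that the first key read from the file stays first. I would record that on the field, for example `/** secret keys for TLS session tickets, kept in the order read from the config file; the first entry stays first */`. An operator rotating keys needs to know which position is the primary one, and a later maintainer needs to know not to turn the append back into an insert. The exact role of the first key is not visible in this diff, so the wording should be confirmed against listen_sslctx_setup_ticket_keys.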
diff --git a/util/configparser.c b/util/configparser.c index 0a12dcad2..18739485a 100644 --- a/util/configparser.c +++ b/util/configparser.c @@ -3292,7 +3292,7 @@ yyreduce: #line 840 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_tls_session_ticket_keys:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->tls_session_ticket_keys, + if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys, (yyvsp[0].str))) yyerror("out of memory"); } diff --git a/util/configparser.y b/util/configparser.y index ca9f10db0..5f52f4d77 100644 --- a/util/configparser.y +++ b/util/configparser.y @@ -839,7 +839,7 @@ server_tls_ciphersuites: VAR_TLS_CIPHERSUITES STRING_ARG server_tls_session_ticket_keys: VAR_TLS_SESSION_TICKET_KEYS STRING_ARG { OUTYY(("P(server_tls_session_ticket_keys:%s)\n", $2)); - if(!cfg_strlist_insert(&cfg_parser->cfg->tls_session_ticket_keys, + if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys, $2)) yyerror("out of memory"); }